/*
 * ccs_new_network_test.c
 *
 * Copyright (C) 2005-2010 NTT DATA CORPORATION
 *
 * Version: 1.8.0-pre 2010/08/01
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License v2 as published by the
 * Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
 */
#include "include.h" |
/*
 * Policy line currently under test.  stage_network_test() points this at its
 * block-local buffer before each group of cases; write_policy(),
 * delete_policy(), show_result() and show_result2() all read it.
 *
 * NOTE(review): after each block in stage_network_test() ends, this still
 * points at that block's buffer, so it must not be read again until it has
 * been reassigned.
 */
static const char *policy = "";
/*
 * Append the current policy line to the domain policy and confirm that it
 * was accepted.
 *
 * The line is written to domain_fp, then the policy listing is scanned:
 * every line starting with "<kernel>" is a domain header, and only lines
 * that follow the header equal to self_domain are compared with the policy
 * line.  Checking the read-back matters for the callers: an "allowed" result
 * is only meaningful when the allow rule is known to be present.
 *
 * Returns 1 (with errno reset to 0) when the rule is found, 0 after printing
 * a "BUG" line when the listing cannot be opened or the rule is missing.
 */
static int write_policy(void)
{
	char line[8192];
	int in_self_domain = 0;
	int found = 0;
	/* The listing is opened before the rule is written, as in the original. */
	FILE *fp = fopen(proc_policy_domain_policy, "r");

	memset(line, 0, sizeof(line));
	fprintf(domain_fp, "%s\n", policy);
	if (fp == NULL) {
		printf("%s : BUG: policy read failed\n", policy);
		return 0;
	}
	while (!found && fgets(line, sizeof(line) - 1, fp) != NULL) {
		char *eol = strchr(line, '\n');

		if (eol != NULL)
			*eol = '\0';
		/* A new domain header decides whether following lines are ours. */
		if (strncmp(line, "<kernel>", 8) == 0)
			in_self_domain = (strcmp(self_domain, line) == 0);
		if (in_self_domain && strcmp(line, policy) == 0)
			found = 1;
	}
	fclose(fp);
	if (found) {
		/* Start the caller's next check from a clean errno. */
		errno = 0;
		return 1;
	}
	printf("%s : BUG: policy write failed\n", policy);
	return 0;
}
/*
 * Request removal of the current policy line by writing "delete <policy>"
 * to domain_fp (opened outside this file; presumably the domain policy
 * interface -- confirm in include.h).
 *
 * NOTE(review): unlike write_policy(), nothing here re-reads the policy to
 * confirm the rule is gone.  An allow rule that silently stayed behind would
 * weaken any later expect-denied check it happens to cover, so a read-back
 * here would make the test results more trustworthy.
 */
static void delete_policy(void)
{
	fprintf(domain_fp, "delete %s\n", policy);
}
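/*
 * Print the verdict for one socket operation, prefixed by the policy line.
 *
 * @result:         return value of the operation; EOF is treated as failure.
 * @should_success: non-zero when an allow rule is in place and the operation
 *                  is expected to succeed, zero when it must be denied.
 *
 * Expected-success case: "OK" on success, otherwise "FAILED: <error>".
 * Expected-denial case:  "OK: Permission denied." only for EPERM; any other
 * error is "FAILED: <error>", and a successful call prints "BUG" because the
 * operation went through although no allow rule had been written.
 *
 * errno is captured on entry.  The callers evaluate the socket call as an
 * argument, so errno still belongs to that call when this function starts,
 * but the printf() of the prefix is allowed to modify errno even when it
 * succeeds; reading errno afterwards could misreport the denial reason.
 */
static void show_result(int result, char should_success)
{
	const int saved_errno = errno;

	printf("%s : ", policy);
	if (should_success) {
		if (result != EOF)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(saved_errno));
		return;
	}
	if (result != EOF) {
		/* Succeeded without an allow rule: enforcement did not apply. */
		printf("BUG\n");
		return;
	}
	if (saved_errno == EPERM)
		printf("OK: Permission denied.\n");
	else
		printf("FAILED: %s\n", strerror(saved_errno));
}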
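/*
 * Print the verdict for a non-blocking accept() that must not hand out a
 * connection, prefixed by the policy line.
 *
 * @result: return value of accept(); EOF is treated as failure.
 *
 * "OK: Not ready." is printed only when the call failed with EAGAIN; any
 * other error is "FAILED: <error>", and a returned descriptor prints "BUG"
 * because a connection was accepted without an allow rule.
 *
 * errno is captured on entry because the printf() of the prefix is allowed
 * to modify errno even when it succeeds.
 */
static void show_result2(int result)
{
	const int saved_errno = errno;

	printf("%s : ", policy);
	if (result != EOF) {
		printf("BUG\n");
		return;
	}
	if (saved_errno == EAGAIN)
		printf("OK: Not ready.\n");
	else
		printf("FAILED: %s\n", strerror(saved_errno));
}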
/*
 * Exercise the TCP bind/listen/connect/accept checks on the loopback
 * interface, first for IPv4 and then (if an IPv6 socket can be created) for
 * IPv6.
 *
 * Each case follows the same pattern: format the allow rule into the buffer
 * that `policy` points at, run the operation with no rule present and expect
 * a denial (show_result(..., 0)), then add the rule with write_policy(), run
 * the operation again expecting success (show_result(..., 1)) and remove the
 * rule with delete_policy().  The statement order is significant because
 * later cases reuse the sockets and port numbers set up by earlier ones.
 *
 * NOTE(review): no socket() return value is checked before the descriptor is
 * used.  A failed socket() would presumably surface as "FAILED: <error>"
 * lines from the following calls rather than as a setup error.
 * NOTE(review): the code compares descriptors with EOF, i.e. it assumes
 * EOF == -1.
 */
static void stage_network_test(void)
{
	int i;

	{ /* IPv4 TCP */
		char buffer[1024];
		struct sockaddr_in saddr;
		struct sockaddr_in caddr;
		socklen_t size = sizeof(saddr);
		int fd1 = socket(PF_INET, SOCK_STREAM, 0);
		int fd2 = socket(PF_INET, SOCK_STREAM, 0);
		int fd3 = EOF;
		memset(buffer, 0, sizeof(buffer));
		policy = buffer;

		memset(&saddr, 0, sizeof(saddr));
		saddr.sin_family = AF_INET;
		saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
		saddr.sin_port = htons(0);

		/* Bind to port 0 on 127.0.0.1; the rule covers ports 0-1. */
		snprintf(buffer, sizeof(buffer) - 1,
			 "network inet TCP bind 127.0.0.1 0-1");
		errno = 0;
		show_result(bind(fd1, (struct sockaddr *) &saddr,
				 sizeof(saddr)), 0);
		if (write_policy()) {
			show_result(bind(fd1, (struct sockaddr *) &saddr,
					 sizeof(saddr)), 1);
			delete_policy();
		}
		/* Read back the address of fd1 so later rules can name its port. */
		getsockname(fd1, (struct sockaddr *) &saddr, &size);

		/*
		 * Listen rule: whole 127/8 range, port window of +/-1 around
		 * the bound port.
		 * NOTE(review): the port expressions are int values printed
		 * with %u; if the bind above failed and the port is still 0,
		 * "port - 1" would not print as a valid port -- confirm this
		 * path cannot be reached.
		 */
		snprintf(buffer, sizeof(buffer) - 1,
			 "network inet TCP listen 127.0.0.0-127.255.255.255 "
			 "%u-%u", ntohs(saddr.sin_port) - 1,
			 ntohs(saddr.sin_port) + 1);
		errno = 0;
		show_result(listen(fd1, 5), 0);
		if (write_policy()) {
			show_result(listen(fd1, 5), 1);
			delete_policy();
		}

		/* Connect from fd2 to the listener on fd1. */
		snprintf(buffer, sizeof(buffer) - 1,
			 "network inet TCP connect 127.0.0.1 %u-%u",
			 ntohs(saddr.sin_port) - 1, ntohs(saddr.sin_port) + 1);
		errno = 0;
		show_result(connect(fd2, (struct sockaddr *) &saddr,
				    sizeof(saddr)), 0);
		if (write_policy()) {
			show_result(connect(fd2, (struct sockaddr *) &saddr,
					    sizeof(saddr)), 1);
			delete_policy();
		}
		/* The client's local port is what the accept rule must match. */
		getsockname(fd2, (struct sockaddr *) &caddr, &size);

		/*
		 * Accept with no rule written: the rule text is only used as
		 * the label printed by show_result2().  fd1 is made
		 * non-blocking for this call and the expected outcome is EOF
		 * with EAGAIN.
		 */
		snprintf(buffer, sizeof(buffer) - 1,
			 "network inet TCP accept 127.0.0.1 %u-%u",
			 ntohs(caddr.sin_port) - 1, ntohs(caddr.sin_port) + 1);
		fcntl(fd1, F_SETFL, fcntl(fd1, F_GETFL, 0) | O_NONBLOCK);
		errno = 0;
		fd3 = accept(fd1, (struct sockaddr *) &caddr, &size);
		show_result2(fd3);
		fcntl(fd1, F_SETFL, fcntl(fd1, F_GETFL, 0) & ~O_NONBLOCK);
		if (fd3 != EOF)
			close(fd3);

		/*
		 * Replace the client socket and connect again under a
		 * range-based rule.  The result of this connect() is not
		 * reported; it only sets up the accept case below.
		 */
		close(fd2);
		fd2 = socket(PF_INET, SOCK_STREAM, 0);
		snprintf(buffer, sizeof(buffer) - 1,
			 "network inet TCP connect 127.0.0.0-127.255.255.255 "
			 "%u-%u", ntohs(saddr.sin_port) - 1,
			 ntohs(saddr.sin_port) + 1);
		if (write_policy()) {
			connect(fd2, (struct sockaddr *) &saddr,
				sizeof(saddr));
			delete_policy();
		}
		getsockname(fd2, (struct sockaddr *) &caddr, &size);
		snprintf(buffer, sizeof(buffer) - 1,
			 "network inet TCP accept 127.0.0.0-127.255.255.255 "
			 "%u-%u", ntohs(caddr.sin_port) - 1,
			 ntohs(caddr.sin_port) + 1);
		/*
		 * NOTE(review): fd1 is blocking again at this point, whereas
		 * the IPv6 block sets O_NONBLOCK around the equivalent
		 * accept().  If the connect above did not queue a connection,
		 * this accept() would presumably block -- confirm whether the
		 * difference is intended.
		 */
		if (write_policy()) {
			fd3 = accept(fd1, (struct sockaddr *) &caddr, &size);
			show_result(fd3, 1);
			delete_policy();
			if (fd3 != EOF)
				close(fd3);
		}

		if (fd2 != EOF)
			close(fd2);
		if (fd1 != EOF)
			close(fd1);
	}

	{ /* IPv4 address_group */
		char buffer[1024];
		int fd1 = socket(PF_INET, SOCK_STREAM, 0);
		int fd2 = socket(PF_INET, SOCK_STREAM, 0);
		struct sockaddr_in saddr;
		/* Verbose enforcing output is switched on for this block only. */
		fprintf(profile_fp,
			"255-PREFERENCE::enforcing={ verbose=yes }\n");
		memset(buffer, 0, sizeof(buffer));
		policy = buffer;
		memset(&saddr, 0, sizeof(saddr));
		saddr.sin_family = AF_INET;
		saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
		saddr.sin_port = htons(10001);
		/* Group with a single address; the rule refers to it by name. */
		fprintf(exception_fp, "address_group TESTADDRESS 127.0.0.1\n");
		snprintf(buffer, sizeof(buffer) - 1,
			 "network inet TCP bind @TESTADDRESS 10001");
		errno = 0;
		show_result(bind(fd1, (struct sockaddr *) &saddr,
				 sizeof(saddr)), 0);
		if (write_policy()) {
			show_result(bind(fd1, (struct sockaddr *) &saddr,
					 sizeof(saddr)), 1);
			delete_policy();
		}
		fprintf(exception_fp,
			"delete address_group TESTADDRESS 127.0.0.1\n");
		/* Same group name, now defined as an address range. */
		saddr.sin_port = htons(20002);
		fprintf(exception_fp, "address_group TESTADDRESS "
			"127.0.0.0-127.0.0.2\n");
		snprintf(buffer, sizeof(buffer) - 1,
			 "network inet TCP bind @TESTADDRESS 20002");
		errno = 0;
		show_result(bind(fd2, (struct sockaddr *) &saddr,
				 sizeof(saddr)), 0);
		if (write_policy()) {
			show_result(bind(fd2, (struct sockaddr *) &saddr,
					 sizeof(saddr)), 1);
			delete_policy();
		}
		fprintf(exception_fp, "delete address_group TESTADDRESS "
			"127.0.0.0-127.0.0.2\n");
		if (fd1 != EOF)
			close(fd1);
		if (fd2 != EOF)
			close(fd2);
		fprintf(profile_fp,
			"255-PREFERENCE::enforcing={ verbose=no }\n");
	}

	/* Probe for IPv6: skip the remaining cases if no socket can be made. */
	i = socket(PF_INET6, SOCK_STREAM, 0);
	if (i == EOF)
		return;
	close(i);

	{ /* IPv6 TCP */
		char buffer[1024];
		struct sockaddr_in6 saddr, caddr;
		socklen_t size = sizeof(saddr);
		int fd1 = socket(PF_INET6, SOCK_STREAM, 0);
		int fd2 = socket(PF_INET6, SOCK_STREAM, 0);
		int fd3 = EOF;
		memset(buffer, 0, sizeof(buffer));
		policy = buffer;

		memset(&saddr, 0, sizeof(saddr));
		saddr.sin6_family = AF_INET6;
		saddr.sin6_addr = in6addr_loopback;
		saddr.sin6_port = htons(0);

		/* Bind to port 0 on the IPv6 loopback; the rule covers 0-1. */
		snprintf(buffer, sizeof(buffer) - 1,
			 "network inet TCP bind 0:0:0:0:0:0:0:1 0-1");
		errno = 0;
		show_result(bind(fd1, (struct sockaddr *) &saddr,
				 sizeof(saddr)), 0);
		if (write_policy()) {
			show_result(bind(fd1, (struct sockaddr *) &saddr,
					 sizeof(saddr)), 1);
			delete_policy();
		}
		/* Read back the address of fd1 so later rules can name its port. */
		getsockname(fd1, (struct sockaddr *) &saddr, &size);

		/* Listen rule: address range, port window of +/-1. */
		snprintf(buffer, sizeof(buffer) - 1,
			 "network inet TCP listen "
			 "0:0:0:0:0:0:0:0-0:0:0:0:0:0:0:ff %u-%u",
			 ntohs(saddr.sin6_port) - 1,
			 ntohs(saddr.sin6_port) + 1);
		errno = 0;
		show_result(listen(fd1, 5), 0);
		if (write_policy()) {
			show_result(listen(fd1, 5), 1);
			delete_policy();
		}

		/* Connect from fd2 to the listener on fd1. */
		snprintf(buffer, sizeof(buffer) - 1,
			 "network inet TCP connect 0:0:0:0:0:0:0:1 %u-%u",
			 ntohs(saddr.sin6_port) - 1,
			 ntohs(saddr.sin6_port) + 1);
		errno = 0;
		show_result(connect(fd2, (struct sockaddr *) &saddr,
				    sizeof(saddr)), 0);
		if (write_policy()) {
			show_result(connect(fd2, (struct sockaddr *) &saddr,
					    sizeof(saddr)), 1);
			delete_policy();
		}
		/* The client's local port is what the accept rule must match. */
		getsockname(fd2, (struct sockaddr *) &caddr, &size);

		/*
		 * Accept with no rule written; fd1 is non-blocking for this
		 * call and the expected outcome is EOF with EAGAIN.
		 */
		snprintf(buffer, sizeof(buffer) - 1,
			 "network inet TCP accept 0:0:0:0:0:0:0:1 %u-%u",
			 ntohs(caddr.sin6_port) - 1,
			 ntohs(caddr.sin6_port) + 1);
		fcntl(fd1, F_SETFL, fcntl(fd1, F_GETFL, 0) | O_NONBLOCK);
		errno = 0;
		fd3 = accept(fd1, (struct sockaddr *) &caddr, &size);
		show_result2(fd3);
		fcntl(fd1, F_SETFL, fcntl(fd1, F_GETFL, 0) & ~O_NONBLOCK);
		if (fd3 != EOF)
			close(fd3);

		/*
		 * Replace the client socket and connect again under a
		 * range-based rule.  The result of this connect() is not
		 * reported; it only sets up the accept case below.
		 */
		close(fd2);
		fd2 = socket(PF_INET6, SOCK_STREAM, 0);
		snprintf(buffer, sizeof(buffer) - 1, "network inet TCP "
			 "connect 0:0:0:0:0:0:0:0-0:0:0:0:0:0:0:ff %u-%u",
			 ntohs(saddr.sin6_port) - 1,
			 ntohs(saddr.sin6_port) + 1);
		if (write_policy()) {
			connect(fd2, (struct sockaddr *) &saddr,
				sizeof(saddr));
			delete_policy();
		}
		getsockname(fd2, (struct sockaddr *) &caddr, &size);
		snprintf(buffer, sizeof(buffer) - 1,
			 "network inet TCP accept "
			 "0:0:0:0:0:0:0:0-0:0:0:0:0:0:0:ff %u-%u",
			 ntohs(caddr.sin6_port) - 1,
			 ntohs(caddr.sin6_port) + 1);
		/* Non-blocking here, so a missing connection cannot stall the test. */
		fcntl(fd1, F_SETFL, fcntl(fd1, F_GETFL, 0) | O_NONBLOCK);
		if (write_policy()) {
			fd3 = accept(fd1, (struct sockaddr *) &caddr, &size);
			show_result(fd3, 1);
			delete_policy();
			if (fd3 != EOF)
				close(fd3);
		}
		fcntl(fd1, F_SETFL, fcntl(fd1, F_GETFL, 0) & ~O_NONBLOCK);

		if (fd2 != EOF)
			close(fd2);
		if (fd1 != EOF)
			close(fd1);
	}

	{ /* IPv6 address_group */
		char buffer[1024];
		int fd1 = socket(PF_INET6, SOCK_STREAM, 0);
		int fd2 = socket(PF_INET6, SOCK_STREAM, 0);
		struct sockaddr_in6 saddr;
		/* Verbose enforcing output is switched on for this block only. */
		fprintf(profile_fp,
			"255-PREFERENCE::enforcing={ verbose=yes }\n");
		memset(buffer, 0, sizeof(buffer));
		policy = buffer;
		memset(&saddr, 0, sizeof(saddr));
		saddr.sin6_family = AF_INET6;
		saddr.sin6_addr = in6addr_loopback;
		saddr.sin6_port = htons(30003);
		/* Group with a single address; the rule refers to it by name. */
		fprintf(exception_fp, "address_group TESTADDRESS "
			"0:0:0:0:0:0:0:1\n");
		snprintf(buffer, sizeof(buffer) - 1,
			 "network inet TCP bind @TESTADDRESS 30003");
		errno = 0;
		show_result(bind(fd1, (struct sockaddr *) &saddr,
				 sizeof(saddr)), 0);
		if (write_policy()) {
			show_result(bind(fd1, (struct sockaddr *) &saddr,
					 sizeof(saddr)), 1);
			delete_policy();
		}
		fprintf(exception_fp, "delete address_group "
			"TESTADDRESS 0:0:0:0:0:0:0:1\n");
		/* Same group name, now defined as an address range. */
		saddr.sin6_port = htons(40004);
		fprintf(exception_fp, "address_group TESTADDRESS "
			"0:0:0:0:0:0:0:0-0:0:0:0:0:0:0:2\n");
		snprintf(buffer, sizeof(buffer) - 1,
			 "network inet TCP bind @TESTADDRESS 40004");
		errno = 0;
		show_result(bind(fd2, (struct sockaddr *) &saddr,
				 sizeof(saddr)), 0);
		if (write_policy()) {
			show_result(bind(fd2, (struct sockaddr *) &saddr,
					 sizeof(saddr)), 1);
			delete_policy();
		}
		fprintf(exception_fp, "delete address_group TESTADDRESS "
			"0:0:0:0:0:0:0:0-0:0:0:0:0:0:0:2\n");
		if (fd1 != EOF)
			close(fd1);
		if (fd2 != EOF)
			close(fd2);
		fprintf(profile_fp,
			"255-PREFERENCE::enforcing={ verbose=no }\n");
	}

}
/*
 * Test entry point: initialise the test harness, put every listed network
 * operation into profile mode 3, raise the reject-log limit, run the TCP
 * cases and clear the harness state.
 *
 * NOTE(review): mode 3 is presumably "enforcing" (the cases expect EPERM
 * when no rule is present) -- confirm against set_profile() in include.h.
 * The UDP and raw entries are configured as well although this file only
 * exercises TCP operations.
 */
int main(int argc, char *argv[])
{
	static const char *const checked_operations[] = {
		"network::inet_tcp_bind",
		"network::inet_tcp_listen",
		"network::inet_tcp_connect",
		"network::inet_tcp_accept",
		"network::inet_udp_bind",
		"network::inet_udp_send",
		"network::inet_udp_recv",
		"network::inet_raw_bind",
		"network::inet_raw_send",
		"network::inet_raw_recv",
	};
	const unsigned int count =
		sizeof(checked_operations) / sizeof(checked_operations[0]);
	unsigned int idx;

	ccs_test_init();
	/* Same order as the individual set_profile() calls it replaces. */
	for (idx = 0; idx < count; idx++)
		set_profile(3, checked_operations[idx]);
	fprintf(profile_fp, "255-PREFERENCE::audit={ max_reject_log=1024 }\n");
	stage_network_test();
	clear_status();
	return 0;
}